(57) Abstract: For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20)
and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end 
procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses 
EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as 
additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or 
transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 
authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and 
AAAv (24) to act as mere pass-through agents during the procedure. 

AMENDED CLAIMS

[received by the International Bureau on 23 November 2004 (23.11.2004);
original claims 1, 3, 5, 8, 24, 26, 28 and 31 amended; remaining claims unchanged (7 pages)] 

1. A method of authentication and authorization support for Mobile IP version 6 
(MIPv6), characterized by transferring, between a mobile node (10) in a visited
network (20) and a home network (30) of the mobile node, MIPv6-related
authentication and authorization information in an authentication protocol in an end-to- 
end procedure transparent to the visited network over an AAA infrastructure. 

2. The method of claim 1, characterized in that the authentication protocol is an 
extended authentication protocol.

3. The method of claim 1, characterized in that the end-to-end procedure is between 
the mobile node (10) and an AAA server (34) in the home network (30), and nodes in 
the visited network act as mere pass-through agents in the end-to-end procedure. 

4. The method of claim 3, characterized by further transferring MIPv6-related 
information from the AAA server (34) in the home network (30) to a home agent (26; 
36). 

5. The method of claim 1 or 4, characterized in that the MIPv6-related information
also comprises MIPv6 configuration information. 

6. The method of claim 5, characterized in that the MIPv6-related information is
transferred over the AAA infrastructure for immediate or future establishment of a
MIPv6 security association between the mobile node (10) and the home agent (26; 36).

7. The method of claim 5, characterized in that the MIPv6-related information is 
transferred over the AAA infrastructure for establishing a binding for the mobile node 
(10) in the home agent (26; 36). 

8. The method of claim 2, characterized in that the extended authentication protocol is
an extended Extensible Authentication Protocol (EAP) and the MIPv6-related 
authentication and authorization information is incorporated as additional data in the 
EAP protocol stack. 

9. The method of claim 8, characterized in that the MIPv6-related information is 
transferred in at least one EAP attribute in the EAP protocol stack. 

10. The method of claim 9, characterized in that the MIPv6-related information is 
transferred as EAP attributes of the method layer in the EAP protocol stack.

11. The method of claim 10, characterized in that the EAP attributes are EAP TLV 
attributes. 

12. The method of claim 9, characterized in that the MIPv6-related information is
transferred in a generic container attribute available for any EAP method. 

13. The method of claim 9, characterized in that the MIPv6-related information is 
transferred in a method-specific generic container attribute of the method layer in the
EAP protocol stack.

14. The method of claim 1, characterized in that the authentication protocol between 
the mobile node (10) and an AAA client (22) in the visited network (20) is carried by a 
protocol selected from the group of PANA, IEEE 802.1X, and PPP.

15. The method of claim 3, characterized in that the authentication protocol is carried 
by an AAA framework protocol application between the AAA client (22) in the visited 
network (20) and the AAA server (34) in the home network (30). 

16. The method of claim 4, characterized in that the MIPv6-related information is
transferred from the AAA server (34) in the home network (30) to the home agent (26; 
36) in an AAA framework protocol application. 

17. The method of claim 16, characterized in that the home agent (26; 36) is a local
home agent (26) in the visited network (20) and the MIPv6-related information is 
transferred from the AAA home server (34) to the local home agent via an AAA server 
(24) in the visited network. 

18. The method of claim 15 or 16, characterized in that the AAA framework protocol
application is an application of a protocol selected from the group of Diameter, and 
RADIUS. 

19. The method of claim 4, characterized by 

assigning, at the AAA home network server (34), a home agent (26; 36) to the
mobile node (10); and

distributing credential-related data for security association establishment between 
the mobile node and the home agent from the AAA home network server to the mobile 
node and the home agent, respectively. 

20. The method of claim 3, characterized by assigning a home address to the mobile 
node (10) at the AAA home network server (34). 

21. The method of claim 20, characterized by configuring the home address of the 
mobile node (10) using the roundtrips of a selected EAP procedure.

22. The method of claim 19, characterized by 

building, at the mobile node (10), a home address for the mobile node using at 
least a portion of the address of its assigned home agent (26; 36); and 

transferring the home address of the mobile node from the mobile node to the
AAA home network server (34) using a roundtrip of a selected EAP procedure. 

23. The method of claim 20 or 22, characterized by transferring the home address of 
the mobile node (10) from the AAA home network server (34) to the home agent (26;
36) using an AAA framework protocol application.

24. A system for authentication and authorization support for MIPv6, characterized by 
means for transferring, between a mobile node (10) in a visited network (20) and a
home network (30) of the mobile node, MIPv6-related authentication and authorization
information in an authentication protocol in an end-to-end procedure transparent to the 
visited network over an AAA infrastructure. 

25. The system of claim 24, characterized in that the authentication protocol is an 
extended authentication protocol.

26. The system of claim 24, characterized in that the end-to-end procedure is between 
the mobile node (10) and an AAA server (34) in the home network (30), and AAA 
components in the visited network act as mere pass-through agents in the end-to-end
procedure.

27. The system of claim 26, characterized by means for further transferring MIPv6- 
related information from the AAA server (34) in the home network (30) to a home 
agent (26; 36). 

28. The system of claim 24 or 27, characterized in that the MIPv6-related information 
also comprises MIPv6 configuration information. 

29. The system of claim 28, characterized in that the means for transferring MIPv6-related
information over the AAA infrastructure comprises means for immediate or
future establishment of a MIPv6 security association between the mobile node (10) and
the home agent (26; 36). 

30. The system of claim 28, wherein means for transferring MIPv6-related information 
over the AAA infrastructure comprises means for establishing a binding for the mobile 
node (10) in the home agent (26; 36). 

31. The system of claim 25, characterized in that the extended authentication protocol 
is an extended Extensible Authentication Protocol (EAP) and the MIPv6-related 
authentication and authorization information is incorporated as additional data in the 
EAP protocol stack. 

32. The system of claim 31, characterized in that the means for transferring the MIPv6- 
related information comprises at least one EAP attribute in the EAP protocol stack. 

33. The system of claim 32, characterized in that the means for transferring the MIPv6- 
related information comprises EAP attributes of the method layer in the EAP protocol 
stack. 

34. The system of claim 33, characterized in that the EAP attributes are EAP TLV 
attributes. 

35. The system of claim 32, characterized in that the means for transferring the MIPv6- 
related information comprises a generic container attribute available for any EAP 
method. 

36. The system of claim 32, characterized in that means for transferring the MIPv6- 
related information comprises a method-specific generic container attribute of the 
method layer in the EAP protocol stack. 

37. The system of claim 24, characterized in that the authentication protocol between
the mobile node (10) and an AAA client (22) in the visited network (20) is carried by a 
protocol selected from the group of PANA, IEEE 802.1X, and PPP.

38. The system of claim 26, characterized in that the authentication protocol is carried
by an AAA framework protocol application between the AAA client (22) in the visited 
network (20) and the AAA server (34) in the home network (30). 

39. The system of claim 27, characterized in that the MIPv6-related information is 
transferred from the AAA server (34) in the home network (30) to the home agent (26;
36) in an AAA framework protocol application.

40. The system of claim 39, characterized in that the home agent (26; 36) is a local 
home agent (26) in the visited network (20) and the MIPv6-related information is
transferred from the AAA home server (34) to the local home agent via an AAA server
(24) in the visited network. 

41. The system of claim 38 or 39, characterized in that the AAA framework protocol 
application is an application of a protocol selected from the group of Diameter, and
RADIUS.

42. The system of claim 27, characterized by 

means for assigning, at the AAA home network server (34), a home agent (26; 36) 
to the mobile node (10); and 

means for distributing credential-related data for security association
establishment between the mobile node and the home agent from the AAA home
network server to the mobile node and the home agent, respectively. 

43. The system of claim 26, characterized by means for assigning a home address to the
mobile node (10) at the AAA home network server (34).

44. The system of claim 43, characterized by means for configuring the home address
of the mobile node (10) using the roundtrips of a selected EAP procedure. 

45. The system of claim 42, characterized by 

means for building, at the mobile node (10), a home address for the mobile node 
using at least a portion of the address of its assigned home agent (26; 36); and 

means for transferring the home address of the mobile node from the mobile node 
to the AAA home network server (34) using a roundtrip of a selected EAP procedure. 

46. The system of claim 43 or 45, characterized by means for transferring the home 
address of the mobile node (10) from the AAA home network server (34) to the home 
agent (26; 36) using an AAA framework protocol application. 

47. An AAA home network server (34) for authentication and authorization support for 
Mobile IP version 6 (MIPv6), characterized by 

means for assigning a home agent (26; 36) to a mobile node (10); and 

means for distributing credential-related data for security association
establishment between the mobile node and the home agent to the mobile node and the
home agent, respectively.

48. The server of claim 47, characterized by means for assigning a home address to the 
mobile node (10). 

49. The server of claim 48, characterized by means for configuring the home address of 
the mobile node (10) using the roundtrips of a selected EAP procedure. 

50. The server of claim 48, characterized by means for transferring the home address of 
the mobile node (10) to the home agent (26; 36) using an AAA framework protocol 
application. 



AMENDED SHEET (ARTICLE 19) 



